Posted by timothy on Thursday July 05, 2012 @06:05PM from the little-beady-coyote-eyes dept.

EliSowash writes "A new version of the MaControl malware has been reported in the wild. More information on the malware, its behavior, and the attack campaign is available from Kaspersky Labs, who discovered this variant. As more malware authors become motivated to attack OS X it is likely that we will continue to see targeted attacks such as this in the future. Just like with PC malware, a combination of exploits and social engineering tricks are generally the most effective; it won't be surprising to see a spike in such attacks soon."

Well, considering this can't self-replicate, and you must be duped into opening the zip and then launching the attachment, your statement is true in the scope of this malware. It's a trojan, not a virus.

This is about as nefarious as me sending a batch file to you saying 'run this safe file'.

It is pure social engineering, and has nothing to do with the OS security, other than it targets a Mac. Rather poor social engineering at that, as the message itself appears to be gibberish, with an attachment. The least they could have done is put something that even remotely interested the user into opening the attachment, rather than a random string of alpha characters.

Ah, the burdens of increasing market share: you're now statistically significant enough for the criminal element to take an interest. In every other part of IT, 'ease of use' is almost diametrically opposed to 'secure'. Until recently, Mac users refused to believe this piece of wisdom, pointing to the lack of viruses and malware, and (erroneously) concluding that it was because their OS of choice was somehow more resilient to such attacks.

Saying it has never convinced the Mac community though. All those years of MS bashing will eventually come full circle.

Computers store valuable information; Linux, Windows, BSD, OS X, they are all computers and they all have something of value to steal. I've always thought that just as the computing industry has smartened up to malicious activity, so have the criminals, biding their time. With Apple, I've always thought it was a long-term investment: wait until there were enough Mac users out there so that when you make a r

From your username I won't take offence at your personal attacks. Speaking ill about Apple is akin to calling your mother a whore.


From your username I won't take offence at your personal attacks. Speaking ill about Apple is akin to calling your mother a whore.

...And then you respond with a personal attack.

Moron.

If an app was developed by an unknown developer — one with no Developer ID — Gatekeeper can keep your Mac safe by blocking the app from being installed.

Apple's containment process is unsavoury to one's computing freedom and precisely the problem with the security model. It's like the cave man vs the modern human: you give the cave man some raw meat and he eats it, no troubles. Give it to the modern man and he dies because of some sort of bacteria in the meat.

Apple's germ-free environment is why, when the malware industry does hit, it will hit them hard.

So, let me get this straight: You said that "Apple is completely unprepared for the shitstorm that is to follow.". I countered with unequivocal proof that your statement was false. And now, since your statement has been refuted, you SWITCH your argument to a combination of an ad hominem attack (which was couched in a statement that you weren't going to respond to me calling you a clueless moron (which you are)), but more importantly, you now say that on

And ASLR was adopted 12 months ago, along with updated system patching. Looks like what Microsoft has done for years Apple has caught up with in some ways.

What is noteworthy is Apple can't make their OS secure enough to hold FIPS 140-2 certification.

So now, it doesn't matter that Apple HAS certain security features; but rather WHEN they were adopted? Again, changing the parameters of the original statement "completely unprepared".

OS X has had limited ASLR since 10.5 [wikipedia.org] (Leopard), which launched in 2007. Windows introduced limited ASLR in Vista [wikipedia.org], which launched... in 2007. So where are those "years" you crowed about? BTW, you will note that not only does Windows ASLR have to be disabled for "compatibility reasons", but that it has several known shortcomin

Now go learn about stack-based overflows and heap-based overflows. Then see how OSes like Linux have had ASLR since '05. Then go find papers on ASLR and the various methods of circumventing it.

Unless you go for an OS with dtrace or similar managing direct syscalls and questioning every single one of them, you'll be hard pressed to find a faultless OS. Fact of the matter is Lion is the first of Apple's OSes to host a fully fledged ASLR, and many within the industry are skeptical it will be up to the test.

Your analogy has quite a few flaws. You are in effect saying that the cave man (windows) has a better immune system (AV software). Macs and Windows are more like cats and dogs; they don't get the same diseases.

As to your cave man eating raw meat, dying from eating raw meat is far more recent. Fifty years ago you could safely eat raw hamburger, chicken, or eggs with little risk of food poisoning and in fact many people enjoyed chicken and hamburgers cooked rare, but ranching methods have changed drastically.

Until recently, Mac users refused to believe this piece of wisdom, pointing to the lack of viruses and malware, and (erroneously) concluding that it was because their OS of choice was somehow more resilient to such attacks.

compared to windows it is, if only due to no internet exploder. 'course basic literacy is on the decline these days so maybe i need to reluctantly point out for the knee-jerk idiot crowd that "more resilient" does not mean "absolutely 100% invulnerable".

but the average mac user will likely be more sensible. I hope.

the average mac user paid more money for a mac because they thought windows was too hard. your hope is misplaced.

to make the point consider the opposite scenario. there are proof-of-concept viruses for linux. do you know why there are no linux viruses spreading in the wild? because the average linux user actually has a clue, something you cannot claim for the average windows or mac user.

linux users tend to understand that "2 hour paris hilton sex video!" should not be a 238kb executable. they understand that the guy sending them e-mail is not really a nigerian prince. they understand that their bank should already have their account number. they understand that their browser performing an HTTP GET of a.jpg does not mean that site can tell if their computer "has a virus".

you can have the greatest system in the world. if you put it in the hands of an idiot it will still get compromised.

You might remember a little ad campaign colloquially called the "PC vs. Mac" Ads. The entire ad campaign was targeted at Windows victims (users) who were fed-up with being fed-on by every malware writer from here to Bangalore. How's a multimillion ad campaign that lasted for over a year for a citation?

I remember that slanderous campaign; it showed how sad and desperate Apple had become. Make up a bunch of BS lies and then hide them under the generic "PC" name so that it wasn't considered the fraud it was. PC became the new brand X, and as long as they didn't say either Windows or that they don't have those problems then it was technically legal. The first step towards the patheticness that is Apple; now they patent troll instead, using patents on ideas they stole from others (like patenting Neonode's slide to unlock patent, patenting the Sony Vaio, the Android Vega tablet from 2009...)

And I'll bet you think they are all running OSX too.... sorry to burst your bubble, but they aren't. They are using Linux

Funny. You're the first person I have EVER heard that called the ad campaign "slanderous" or "lying".

WTF are you talking about with your babbling about "stolen patents" and "Android Vega tablets" and "Sony Vaio"???

But since you are, we'll discuss these one at a time:

1. Patenting Neonode's "slide to unlock": Well, the patent case in question was against HTC, but it wasn't HTC that was considered by the UK Court to be "Prior Art"; it was ANOTHER phone (the Neonode) that had an "unlock gesture". Although

You might remember a little ad campaign colloquially called the "PC vs. Mac" Ads. The entire ad campaign was targeted at Windows victims (users) who were fed-up with being fed-on by every malware writer from here to Bangalore. How's a multimillion ad campaign that lasted for over a year for a citation?

I believe you chose a poor example there. I mean, advertisements are the most biased source of information imaginable.

Consider that Windows is the greatest OS ever!...... if you ask Microsoft.

Note that I agree with the basic premise that for average non-technical users, OSX provides a better experience than Windows. The higher cost for similar hardware, the deliberate incompatibilities of various peripherals, and the Microsoft monopoly are probably the major reasons Apple does not have a larger ma

the average mac user paid more money for a mac because they thought windows was too hard.

No. The average Mac user THESE days purchased a Mac because they were TIRED of Windows.

I felt that way back in the mid 1990s. So I switched to Linux.

I continue to be glad that I did. I started out with Red Hat and have also tried Debian, Slackware, and Suse. I eventually settled on Gentoo some years ago because I like to customize, which especially includes the security options available when you build from source (like SSP). I also enjoy having such a wide variety of software available in the package manager. Not to mention, the Gentoo forums are some of the very best I've seen anywh

Not only that, Linux users cannot simply download an executable; they have to make it executable (or extract it from an archive that keeps permissions). In addition, Linux users don't have a "download-n-run" mentality, as most if not all of the software comes from a repository.

One can argue about the reasons why it is virtually impossible to get a trojan using Linux, but it is sure nice that I don't have to clean my parents' PCs once in a while as I used to with Windows.

Not only that, Linux users cannot simply download an executable; they have to make it executable (or extract it from an archive that keeps permissions). In addition, Linux users don't have a "download-n-run" mentality, as most if not all of the software comes from a repository.

One can argue about the reasons why it is virtually impossible to get a trojan using Linux, but it is sure nice that I don't have to clean my parents' PCs once in a while as I used to with Windows.

In my opinion people take system compromises far too lightly merely because they are common.

The danger is not having to periodically "clean their PC". That's a nuisance to be sure, but it is only a nuisance. No, the danger is that a piece of malware might help some criminal to "clean" their bank accounts. That kind of simple theft is bad enough; have you ever considered the prolonged nightmare that identity theft could cause? These are much, much worse than having to run a virus (etc.) scanner once i

In every other part of IT, 'ease of use' is almost diametrically opposed to 'secure'.

So, you're saying that my kubuntu box is less secure than my Win 7 box? Because Windows frustrates the hell out of me, the kubuntu box just keeps chugging along without problems. Example: Bluetooth. I bought a dongle to move pictures from my phone, and it came with no Linux install disk. After installing the software on my Win 7 box and rebooting twice, it was flaky but worked. Linux? I just plugged the dongle in and it wor

Literally every time there's some new bit of Mac malware, we see a chorus of predictions in the form of "This is it, now the floodgates are going to open!" This has been going on for years, and these predictions have all been wrong. There are a couple of new threats a year, and there isn't actually any particular reason to believe we're on the cusp of a dramatic non-linear increase.

It's not about floodgates, it's about prevention and it's about criminal activity / value. The damage will speak for itself when normal people have their CC drained because the data was pulled out of the App Store or something akin.

Also remember a Trojan/Worm/whatever isn't about being known; it's the unknown malicious apps out there that are the concern. Techs find an exploit here or there, but is that simply the tip of the iceberg? And is Apple's security focus simply undermanned and considered an afterthought?

It's not about floodgates, it's about prevention and it's about criminal activity / value. The damage will speak for itself when normal people have their CC drained because the data was pulled out of the App Store or something akin.

I thought Apple were already doing that to our credit cards? Surely there will be nothing left for the malware authors.

Also remember a Trojan/Worm/whatever isn't about being known; it's the unknown malicious apps out there that are the concern. Techs find an exploit here or there, but is that simply the tip of the iceberg? And is Apple's security focus simply undermanned and considered an afterthought?

As for your references to the malware scanners - good on them. We over in PC land have had the same thing for well over a decade, way to innovate guys.

I guess you should feel special knowing that online criminals actually give a shit about you now....

P.S. I so, so hate Apple's interface; it's been 20 years already, why do cropped screenshots of OS X look nearly the same as OS 7? I remember looking at the iPhone config panel and thinking, shit, I played with this back in 6th grade,

Black on white has always been the Apple UI and it's really not that impressive IMHO. People also pay lots of money to listen to Justin Bieber, but that doesn't make him the best. Computing is at a point now where fashion has sold a brand; same thing when I was a kid and Reeboks were in, now it's Globe, and if I wore my Reeboks I'd be considered lame and outdated.

In my job I get my hands on ALL latest tech and at present I have an iPad, Windows Mobile Phone, Ubuntu desktop, Debian and FreeBSD servers. I'

Rigggggghhhht.... See, I look at it differently: having to tweak a system to keep it running smoothly just shows poor architecture and gives IT people a reason to keep their jobs. Cleaning registries and removing old programs isn't the world's most complex task.

I also don't see it as a coincidence that MacOS and Windows, both being commercial products, clog up over time, usually in proportion to the amount of shit you install on the system, yet the free OS (Linux) I download off the web, which I've been using f

What I ascertain from your post is that you struggle to use an OS of any real capability. You only use the net to browse Facebook and check your bank account; please don't install anything else on your shiny Mac in case it shits itself.

What I found from MacOS is iTunes, QuickTime, Safari (oh this pain) run like shit. Screensaver was buggy and caused response issues. My 'use' of the system was nothing more than taking it out of the box and using the above programs. Since it's a Mac most of the popular software out t

Literally every time there's some new bit of Mac malware, we see a chorus of predictions in the form of "This is it, now the floodgates are going to open!" This has been going on for years, and these predictions have all been wrong. There are a couple of a new threats a year, and there isn't actually any particular reason to believe we're on the cusp of a dramatic non-linear increase.

The difference is in WHAT the threats are -- last year brought us FakeAV for Macs, which showed that the criminal element was now looking at the platform as profitable. Then, later in the year, we got Flashback, which has been continually updated through April to provide botnet access and a data leak conduit on OS X.

But the real news hasn't been with these pieces of fake software, it's been with Trojanized backdoor and keylog software... which has been climbing at a steady rate, both in variants and in detected installs. We're seeing a dramatic increase in data exfiltration on Macs. It's not really a case of "now the floodgates are going to open!" but more a case of "the gates opened last year, and we're going to keep seeing the consequences."

Apple has taken note however, and has implemented a number of security changes -- not just Gatekeeper, but small but significant things such as not letting Mach-O binaries run unless they're in a proper executable bundle with proper file permissions and an Info.plist.

So for the first time, we're seeing a malware arms race on OS X, which truly has never happened before.

While not dramatic, these are a few particular reasons to believe that we're on the cusp of a non-linear increase -- because it's now profitable to scam OS X users via their OS, and more and more criminal groups are realizing they can take some of the unsuspecting pie.

But let's put it into context. There may be 1,000 pieces of Linux malware out there, but very few of them can self-replicate, very few of them do much more damage than stay in your /home directory without root access, and even more of them are proofs of concept that have been closed with security patches.

Macs are the same. Compared to Windows they don't get viruses. Mathematically speaking, the amount of attacks is so small that Apple could still say "Virus free" and get away with it, they just can't explain the statistics to the layman.

So, Linux and Mac are still Virus Free if you look at it from a purely statistical angle.

Wrong.

ONLY OS X remains VIRUS free. "Nearly zero" is NOT ZERO. In its over ten year history, OS X has NEVER had a SELF-REPLICATING piece of malware. Trojans simply don't count; because no amount of "security" can get around social engineering. But where the rubber meets the road is in malware that can spread PC to PC in a P2P fashion.

I thought the real world was more than your parents' basement. Perhaps I was mistaken!

You're also a little late. Us "Mactards" joined the supposed real world way back in the pre-OS X days. Malware on the Mac is nothing new. You're many years late to the party, presumably because you were born in the mid 90s.;)

Kaspersky Lab’s researchers analyzed the Mac OS X backdoor and concluded that the malicious application is a new and primarily undetected variant of the MaControl backdoor, which supports both i386 and PowerPC Macs. However, Kaspersky Lab’s system detects the malicious variant as “Backdoor.OSX.MaControl.b.”
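Two things raised in this thread can be checked mechanically before anyone double-clicks an attachment: whether a zip member arrives with a Unix execute bit that the Mac's Archive Utility will faithfully restore (the point above about archives that keep permissions), and whether a file dressed up as a document is really a Mach-O, and for which CPU types (the Kaspersky note says this backdoor ships for both i386 and PowerPC). The Python below is an added example written for this page, not code from the original discussion, from Kaspersky or from Apple. The Mach-O and universal-binary header constants are the public ABI values; the zip contents and file names are constructed here for illustration and do not describe the real MaControl sample.

```python
import io
import stat
import struct
import zipfile

# Public Mach-O ABI values (<mach-o/loader.h>, <mach-o/fat.h>, <mach/machine.h>).
FAT_MAGIC = 0xCAFEBABE                 # universal binary header, always big-endian
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF   # thin header, stored in host byte order
CPU_TYPES = {
    7: "i386", 0x01000007: "x86_64",
    18: "ppc", 0x01000012: "ppc64",
    12: "arm", 0x0100000C: "arm64",
}


def _cpu_name(cputype):
    return CPU_TYPES.get(cputype, "cpu_type_0x%08x" % cputype)


def macho_architectures(head):
    """Names of the CPU types a blob's Mach-O header declares; [] if not Mach-O.

    Handles universal (fat) files and thin files of either endianness, so a
    PowerPC-only binary is recognised as readily as an Intel one.
    """
    if len(head) < 8:
        return []
    magic_be = struct.unpack(">I", head[:4])[0]
    if magic_be == FAT_MAGIC:
        nfat = struct.unpack(">I", head[4:8])[0]
        # Java .class files share this magic; there bytes 4..8 hold the class
        # file version (major >= 45), so a plausible arch count is small.
        if nfat == 0 or nfat > 32:
            return []
        archs = []
        for i in range(nfat):
            off = 8 + 20 * i                       # struct fat_arch: five u32 = 20 bytes
            if off + 20 > len(head):
                return []
            archs.append(_cpu_name(struct.unpack(">I", head[off:off + 4])[0]))
        return archs
    if magic_be in (MH_MAGIC, MH_MAGIC_64):        # written by a big-endian host (PowerPC)
        return [_cpu_name(struct.unpack(">I", head[4:8])[0])]
    magic_le = struct.unpack("<I", head[:4])[0]
    if magic_le in (MH_MAGIC, MH_MAGIC_64):        # written by a little-endian host (Intel)
        return [_cpu_name(struct.unpack("<I", head[4:8])[0])]
    return []


def scan_zip(zip_bytes):
    """Return {member: (executable_bit, macho_archs)} for every file member
    that either carries a Unix execute bit or starts with a Mach-O header."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Unix zip tools keep st_mode in the top 16 bits of external_attr;
            # Archive Utility restores it, so +x survives the round trip.
            mode = (info.external_attr >> 16) & 0xFFFF
            exec_bit = bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
            with zf.open(info) as f:
                archs = macho_architectures(f.read(8 + 20 * 32))
            if exec_bit or archs:
                findings[info.filename] = (exec_bit, archs)
    return findings


def build_sample_zip():
    """Constructed sample (not the real malware): a zip whose 'photo viewer'
    is a universal i386+ppc Mach-O, plus a thin Intel helper, a Java class
    (same magic as a fat header) and a harmless text file."""
    fat = struct.pack(">II", FAT_MAGIC, 2)
    fat += struct.pack(">IIIII", 7, 3, 4096, 1024, 12)    # i386 slice: cputype, subtype, offset, size, align
    fat += struct.pack(">IIIII", 18, 0, 8192, 1024, 12)   # ppc slice
    fat = fat.ljust(8192 + 1024, b"\0")                   # pad so the slice offsets lie inside the file
    thin_i386 = struct.pack("<7I", MH_MAGIC, 7, 3, 2, 0, 0, 0)   # MH_EXECUTE, no load commands
    java_class = struct.pack(">IHH", FAT_MAGIC, 0, 52) + b"\0" * 16

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        def add(name, data, mode):
            zi = zipfile.ZipInfo(name)
            zi.create_system = 3                          # Unix, so external_attr carries st_mode
            zi.external_attr = (stat.S_IFREG | mode) << 16
            zf.writestr(zi, data)
        add("Photos.app/Contents/MacOS/Photos", fat, 0o755)             # the lure, marked executable
        add("Photos.app/Contents/Resources/helper", thin_i386, 0o644)   # Mach-O without +x
        add("Photos.app/Contents/Resources/Foo.class", java_class, 0o644)
        add("README.txt", b"Open Photos to view the pictures.\n", 0o644)
    return buf.getvalue()


if __name__ == "__main__":
    for name, (exec_bit, archs) in scan_zip(build_sample_zip()).items():
        print("%s: +x=%s archs=%s" % (name, exec_bit, ",".join(archs) or "-"))
```

This is a triage aid, not a verdict: it says nothing about code signing or what Gatekeeper would decide (on a Mac, `spctl --assess --type execute` answers that), and a member without +x can still be launched once someone fixes its permissions, which is why Mach-O detection is reported independently of the bit. Only the 32-bit universal header (0xCAFEBABE) is parsed; the 64-bit variant uses 32-byte arch entries and is deliberately left out.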